If Single Sign On (SSO) is enabled for your organization, there are a few important points for managing users in Momentus Elite:
- Adding Users:
- The user email in Elite must match the user email that is used to authenticate to your identity provider.
- SSO provides users a way to manage their own login capabilities, it does not provide an integration to user roles. Roles are managed directly within Elite.
- Once the user is added in Elite, they will be in the Pending state until they have logged in for the first time.
- Users will not receive a temporary password, nor be prompted to set a password since with SSO their passwords are managed by your identity provider.
- If a user needs to be deactivated, you must deactivate them in both the Elite application as well as your identity provider. Inactivating them in Elite immediately removes their access and logs them out of the application.
- Users will not have an option to manage passwords in Elite; with SSO that is done via your identity provider.
- If for some reason SSO is no longer needed for your organization, it can be disabled by contacting us. Once SSO is disabled, any active users would be sent back to a "Pending" status and would be required to create a password at their next attempt to log in.
- If someone needs access to Elite but is not in your identity provider directory, you may add them as an SSO guest user. If SSO is enforced on your account, the SSO guest user checkbox will appear on the Create User and Edit User slider. Check that box, and they'll log in via the usual Elite workflow. You are able to set a password policy for guest users and they are able to enable multi-factor authentication.